CVE-2021-33631 Kernel crash in EXT4 filesystem

2024-01-1815:05:58

CWE-190

openEuler

github.com

cve-2021-33631

kernel crash

ext4 filesystem

integer overflow

openeuler

linux

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.

CNA Affected

[
  {
    "repo": "https://gitee.com/src-openeuler/kernel",
    "vendor": "openEuler",
    "modules": [
      "filesystem"
    ],
    "product": "kernel",
    "versions": [
      {
        "status": "affected",
        "changes": [
          {
            "at": "cf1d16ea2f1086c0765348344b70aa2361436642 ext4: fix kernel BUG in 'ext4_write_inline_data_end()'",
            "status": "unaffected"
          }
        ],
        "version": "4.19.90",
        "lessThan": "4.19.90-2401.3",
        "versionType": "git"
      },
      {
        "status": "affected",
        "changes": [
          {
            "at": "1587126a0f2a79b3ee6cb309bbfaf079c39eda29 ext4: fix kernel BUG in 'ext4_write_inline_data_end()'",
            "status": "unaffected"
          }
        ],
        "version": "5.10.0-60.18.0",
        "lessThan": "5.10.0-183.0.0",
        "versionType": "git"
      }
    ],
    "platforms": [
      "Linux"
    ],
    "packageName": "kernel",
    "programFiles": [
      "https://gitee.com/openeuler/kernel/blob/openEuler-22.03-LTS/fs/ext4/inline.c"
    ],
    "collectionURL": "https://gitee.com/src-openeuler",
    "defaultStatus": "unaffected"
  }
]